aboutsummaryrefslogtreecommitdiffstats
path: root/config/suricata
diff options
context:
space:
mode:
Diffstat (limited to 'config/suricata')
-rw-r--r--config/suricata/suricata_app_parsers.php294
-rw-r--r--config/suricata/suricata_flow_stream.php262
-rw-r--r--config/suricata/suricata_import_aliases.php18
-rw-r--r--config/suricata/suricata_libhtp_policy_engine.php210
-rw-r--r--config/suricata/suricata_os_policy_engine.php186
5 files changed, 512 insertions, 458 deletions
diff --git a/config/suricata/suricata_app_parsers.php b/config/suricata/suricata_app_parsers.php
index 1706f04a..eddf273d 100644
--- a/config/suricata/suricata_app_parsers.php
+++ b/config/suricata/suricata_app_parsers.php
@@ -60,7 +60,7 @@ $libhtp_engine_next_id = count($a_nat[$id]['libhtp_policy']['item']);
// Build a lookup array of currently used engine 'bind_to' Aliases
// so we can screen matching Alias names from the list.
$used = array();
-foreach ($a_nat[$id]['host_os_policy']['item'] as $v)
+foreach ($a_nat[$id]['libhtp_policy']['item'] as $v)
$used[$v['bind_to']] = true;
$pconfig = array();
@@ -86,17 +86,125 @@ if (isset($id) && $a_nat[$id]) {
$pconfig['libhtp_policy'] = $a_nat[$id]['libhtp_policy'];
}
-// Check for "import alias mode" and set flag if TRUE
+// Check for "import or select alias mode" and set flags if TRUE.
+// "selectalias", when true, displays radio buttons to limit
+// multiple selections.
if ($_POST['import_alias']) {
$importalias = true;
+ $selectalias = false;
$title = "HTTP Server Policy";
}
-else
- $importalias = false;
+elseif ($_POST['select_alias']) {
+ $importalias = true;
+ $selectalias = true;
+ $title = "HTTP Server Policy";
+
+ // Preserve current Libhtp Policy Engine settings
+ $eng_id = $_POST['eng_id'];
+ $eng_name = $_POST['policy_name'];
+ $eng_bind = $_POST['policy_bind_to'];
+ $eng_personality = $_POST['personality'];
+ $eng_req_body_limit = $_POST['req_body_limit'];
+ $eng_resp_body_limit = $_POST['resp_body_limit'];
+ $eng_enable_double_decode_path = $_POST['enable_double_decode_path'];
+ $eng_enable_double_decode_query = $_POST['enable_double_decode_query'];
+ $mode = "add_edit_libhtp_policy";
+}
+if ($_POST['save_libhtp_policy']) {
+ if ($_POST['eng_id'] != "") {
+ $eng_id = $_POST['eng_id'];
+
+ // Grab all the POST values and save in new temp array
+ $engine = array();
+ $policy_name = trim($_POST['policy_name']);
+ if ($policy_name) {
+ $engine['name'] = $policy_name;
+ }
+ else
+ $input_errors[] = gettext("The 'Policy Name' value cannot be blank.");
+
+ if ($_POST['policy_bind_to']) {
+ if (is_alias($_POST['policy_bind_to']))
+ $engine['bind_to'] = $_POST['policy_bind_to'];
+ elseif (strtolower(trim($_POST['policy_bind_to'])) == "all")
+ $engine['bind_to'] = "all";
+ else
+ $input_errors[] = gettext("You must provide a valid Alias or the reserved keyword 'all' for the 'Bind-To IP Address' value.");
+ }
+ else
+ $input_errors[] = gettext("The 'Bind-To IP Address' value cannot be blank. Provide a valid Alias or the reserved keyword 'all'.");
+
+ if ($_POST['personality']) { $engine['personality'] = $_POST['personality']; } else { $engine['personality'] = "bsd"; }
+
+ if (is_numeric($_POST['req_body_limit']) && $_POST['req_body_limit'] >= 0)
+ $engine['request-body-limit'] = $_POST['req_body_limit'];
+ else
+ $input_errors[] = gettext("The value for 'Request Body Limit' must be all numbers and greater than or equal to zero.");
+
+ if (is_numeric($_POST['resp_body_limit']) && $_POST['resp_body_limit'] >= 0)
+ $engine['response-body-limit'] = $_POST['resp_body_limit'];
+ else
+ $input_errors[] = gettext("The value for 'Response Body Limit' must be all numbers and greater than or equal to zero.");
-if ($_POST['add_libhtp_policy']) {
- header("Location: suricata_libhtp_policy_engine.php?id={$id}&eng_id={$libhtp_engine_next_id}");
- exit;
+ if ($_POST['enable_double_decode_path']) { $engine['double-decode-path'] = 'yes'; }else{ $engine['double-decode-path'] = 'no'; }
+ if ($_POST['enable_double_decode_query']) { $engine['double-decode-query'] = 'yes'; }else{ $engine['double-decode-query'] = 'no'; }
+
+ // Can only have one "all" Bind_To address
+ if ($engine['bind_to'] == "all" && $engine['name'] <> "default")
+ $input_errors[] = gettext("Only one default OS-Policy Engine can be bound to all addresses.");
+
+ // if no errors, write new entry to conf
+ if (!$input_errors) {
+ if (isset($eng_id) && $a_nat[$id]['libhtp_policy']['item'][$eng_id]) {
+ $a_nat[$id]['libhtp_policy']['item'][$eng_id] = $engine;
+ }
+ else
+ $a_nat[$id]['libhtp_policy']['item'][] = $engine;
+
+ /* Reorder the engine array to ensure the */
+ /* 'bind_to=all' entry is at the bottom */
+ /* if it contains more than one entry. */
+ if (count($a_nat[$id]['libhtp_policy']['item']) > 1) {
+ $i = -1;
+ foreach ($a_nat[$id]['libhtp_policy']['item'] as $f => $v) {
+ if ($v['bind_to'] == "all") {
+ $i = $f;
+ break;
+ }
+ }
+ /* Only relocate the entry if we */
+ /* found it, and it's not already */
+ /* at the end. */
+ if ($i > -1 && ($i < (count($a_nat[$id]['libhtp_policy']['item']) - 1))) {
+ $tmp = $a_nat[$id]['libhtp_policy']['item'][$i];
+ unset($a_nat[$id]['libhtp_policy']['item'][$i]);
+ $a_nat[$id]['libhtp_policy']['item'][] = $tmp;
+ }
+ }
+
+ // Now write the new engine array to conf
+ write_config();
+ $pconfig['libhtp_policy']['item'] = $a_nat[$id]['libhtp_policy']['item'];
+ }
+ else {
+ $add_edit_libhtp_policy = true;
+ $pengcfg = $engine;
+ }
+ }
+}
+elseif ($_POST['add_libhtp_policy']) {
+ $add_edit_libhtp_policy = true;
+ $pengcfg = array( "name" => "engine_{$libhtp_engine_next_id}", "bind_to" => "", "personality" => "IDS",
+ "request-body-limit" => "4096", "response-body-limit" => "4096",
+ "double-decode-path" => "no", "double-decode-query" => "no" );
+ $eng_id = $libhtp_engine_next_id;
+}
+elseif ($_POST['edit_libhtp_policy']) {
+ if ($_POST['eng_id'] != "") {
+ $add_edit_libhtp_policy = true;
+ $eng_id = $_POST['eng_id'];
+ $pengcfg = $a_nat[$id]['libhtp_policy']['item'][$eng_id];
+ }
}
elseif ($_POST['del_libhtp_policy']) {
$natent = array();
@@ -111,6 +219,9 @@ elseif ($_POST['del_libhtp_policy']) {
write_config();
}
}
+elseif ($_POST['cancel_libhtp_policy']) {
+ $add_edit_libhtp_policy = false;
+}
elseif ($_POST['ResetAll']) {
/* Reset all the settings to defaults */
@@ -120,54 +231,108 @@ elseif ($_POST['ResetAll']) {
$savemsg = gettext("All flow and stream settings have been reset to their defaults.");
}
elseif ($_POST['save_import_alias']) {
- $engine = array( "name" => "", "bind_to" => "", "personality" => "IDS",
- "request-body-limit" => "4096", "response-body-limit" => "4096",
- "double-decode-path" => "no", "double-decode-query" => "no" );
-
- // See if anything was checked to import
- if (is_array($_POST['aliastoimport']) && count($_POST['aliastoimport']) > 0) {
- foreach ($_POST['aliastoimport'] as $item) {
- $engine['name'] = strtolower($item);
- $engine['bind_to'] = $item;
- $a_nat[$id]['libhtp_policy']['item'][] = $engine;
+ // If saving out of "select alias" mode,
+ // then return to Libhtp Policy Engine edit
+ // page.
+ if ($_POST['mode'] == 'add_edit_libhtp_policy') {
+ $pengcfg = array();
+ $eng_id = $_POST['eng_id'];
+ $pengcfg['name'] = $_POST['eng_name'];
+ $pengcfg['bind_to'] = $_POST['eng_bind'];
+ $pengcfg['personality'] = $_POST['eng_personality'];
+ $pengcfg['request-body-limit'] = $_POST['eng_req_body_limit'];
+ $pengcfg['response-body-limit'] = $_POST['eng_resp_body_limit'];
+ $pengcfg['double-decode-path'] = $_POST['eng_enable_double_decode_path'];
+ $pengcfg['double-decode-query'] = $_POST['eng_enable_double_decode_query'];
+ $add_edit_libhtp_policy = true;
+ $mode = "add_edit_libhtp_policy";
+
+ if (is_array($_POST['aliastoimport']) && count($_POST['aliastoimport']) == 1) {
+ $pengcfg['bind_to'] = $_POST['aliastoimport'][0];
+ $importalias = false;
+ $selectalias = false;
+ }
+ else {
+ $input_errors[] = gettext("No Alias is selected for import. Nothing to SAVE.");
+ $importalias = true;
+ $selectalias = true;
+ $eng_id = $_POST['eng_id'];
+ $eng_name = $_POST['eng_name'];
+ $eng_bind = $_POST['eng_bind'];
+ $eng_personality = $_POST['eng_personality'];
+ $eng_req_body_limit = $_POST['eng_req_body_limit'];
+ $eng_resp_body_limit = $_POST['eng_resp_body_limit'];
+ $eng_enable_double_decode_path = $_POST['eng_enable_double_decode_path'];
+ $eng_enable_double_decode_query = $_POST['eng_enable_double_decode_query'];
}
}
else {
- $input_errors[] = gettext("No entries were selected for import. Please select one or more Aliases for import and click SAVE.");
- $importalias = true;
- }
+ $engine = array( "name" => "", "bind_to" => "", "personality" => "IDS",
+ "request-body-limit" => "4096", "response-body-limit" => "4096",
+ "double-decode-path" => "no", "double-decode-query" => "no" );
+
+ // See if anything was checked to import
+ if (is_array($_POST['aliastoimport']) && count($_POST['aliastoimport']) > 0) {
+ foreach ($_POST['aliastoimport'] as $item) {
+ $engine['name'] = strtolower($item);
+ $engine['bind_to'] = $item;
+ $a_nat[$id]['libhtp_policy']['item'][] = $engine;
+ }
+ }
+ else {
+ $input_errors[] = gettext("No entries were selected for import. Please select one or more Aliases for import and click SAVE.");
+ $importalias = true;
+ }
- // if no errors, write new entry to conf
- if (!$input_errors) {
- // Reorder the engine array to ensure the
- // 'bind_to=all' entry is at the bottom if
- // the array contains more than one entry.
- if (count($a_nat[$id]['libhtp_policy']['item']) > 1) {
- $i = -1;
- foreach ($a_nat[$id]['libhtp_policy']['item'] as $f => $v) {
- if ($v['bind_to'] == "all") {
- $i = $f;
- break;
+ // if no errors, write new entry to conf
+ if (!$input_errors) {
+ // Reorder the engine array to ensure the
+ // 'bind_to=all' entry is at the bottom if
+ // the array contains more than one entry.
+ if (count($a_nat[$id]['libhtp_policy']['item']) > 1) {
+ $i = -1;
+ foreach ($a_nat[$id]['libhtp_policy']['item'] as $f => $v) {
+ if ($v['bind_to'] == "all") {
+ $i = $f;
+ break;
+ }
}
+ // Only relocate the entry if we
+ // found it, and it's not already
+ // at the end.
+ if ($i > -1 && ($i < (count($a_nat[$id]['libhtp_policy']['item']) - 1))) {
+ $tmp = $a_nat[$id]['libhtp_policy']['item'][$i];
+ unset($a_nat[$id]['libhtp_policy']['item'][$i]);
+ $a_nat[$id]['libhtp_policy']['item'][] = $tmp;
+ }
+ $pconfig['libhtp_policy']['item'] = $a_nat[$id]['libhtp_policy']['item'];
}
- // Only relocate the entry if we
- // found it, and it's not already
- // at the end.
- if ($i > -1 && ($i < (count($a_nat[$id]['libhtp_policy']['item']) - 1))) {
- $tmp = $a_nat[$id]['libhtp_policy']['item'][$i];
- unset($a_nat[$id]['libhtp_policy']['item'][$i]);
- $a_nat[$id]['libhtp_policy']['item'][] = $tmp;
- }
- $pconfig['libhtp_policy']['item'] = $a_nat[$id]['libhtp_policy']['item'];
- }
- // Write the new engine array to config file
- write_config();
- $importalias = false;
+ // Write the new engine array to config file
+ write_config();
+ $importalias = false;
+ }
}
}
elseif ($_POST['cancel_import_alias']) {
$importalias = false;
+ $selectalias = false;
+ $eng_id = $_POST['eng_id'];
+
+ // If cancelling out of "select alias" mode,
+ // then return to Libhtp Policy Engine edit
+ // page.
+ if ($_POST['mode'] == 'add_edit_libhtp_policy') {
+ $pengcfg = array();
+ $pengcfg['name'] = $_POST['eng_name'];
+ $pengcfg['bind_to'] = $_POST['eng_bind'];
+ $pengcfg['personality'] = $_POST['eng_personality'];
+ $pengcfg['request-body-limit'] = $_POST['eng_req_body_limit'];
+ $pengcfg['response-body-limit'] = $_POST['eng_resp_body_limit'];
+ $pengcfg['double-decode-path'] = $_POST['eng_enable_double_decode_path'];
+ $pengcfg['double-decode-query'] = $_POST['eng_enable_double_decode_query'];
+ $add_edit_libhtp_policy = true;
+ }
}
elseif ($_POST['save']) {
$natent = array();
@@ -222,7 +387,7 @@ include_once("head.inc");
<form action="suricata_app_parsers.php" method="post"name="iform" id="iform">
<input name="id" type="hidden" value="<?=$id;?>"/>
-<input type="hidden" name="eng_id" id="eng_id" value=""/>
+<input type="hidden" name="eng_id" id="eng_id" value="<?=$eng_id;?>"/>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr><td>
<?php
@@ -251,7 +416,21 @@ include_once("head.inc");
<tr><td><div id="mainarea">
<?php if ($importalias) : ?>
- <?php include("/usr/local/www/suricata/suricata_import_aliases.php"); ?>
+ <?php include("/usr/local/www/suricata/suricata_import_aliases.php");
+ if ($selectalias) {
+ echo '<input type="hidden" name="eng_name" value="' . $eng_name . '"/>';
+ echo '<input type="hidden" name="eng_bind" value="' . $eng_bind . '"/>';
+ echo '<input type="hidden" name="eng_personality" value="' . $eng_personality . '"/>';
+ echo '<input type="hidden" name="eng_req_body_limit" value="' . $eng_req_body_limit . '"/>';
+ echo '<input type="hidden" name="eng_resp_body_limit" value="' . $eng_resp_body_limit . '"/>';
+ echo '<input type="hidden" name="eng_enable_double_decode_path" value="' . $eng_enable_double_decode_path . '"/>';
+ echo '<input type="hidden" name="eng_enable_double_decode_query" value="' . $eng_enable_double_decode_query . '"/>';
+ }
+ ?>
+
+<?php elseif ($add_edit_libhtp_policy) : ?>
+ <?php include("/usr/local/www/suricata/suricata_libhtp_policy_engine.php"); ?>
+
<?php else: ?>
<table id="maintable" class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0">
@@ -297,9 +476,9 @@ include_once("head.inc");
<tr>
<td class="listlr" align="left"><?=gettext($v['name']);?></td>
<td class="listbg" align="center"><?=gettext($v['bind_to']);?></td>
- <td class="listt" align="right"><a href="suricata_libhtp_policy_engine.php?id=<?=$id;?>&eng_id=<?=$f;?>">
- <img src="/themes/<?=$g['theme'];?>/images/icons/icon_e.gif"
- width="17" height="17" border="0" title="<?=gettext("Edit this server configuration");?>"></a>
+ <td class="listt" align="right"><input type="image" name="edit_libhtp_policy[]" value="<?=$f;?>" onclick="document.getElementById('eng_id').value='<?=$f;?>'"
+ src="/themes/<?=$g['theme'];?>/images/icons/icon_e.gif"
+ width="17" height="17" border="0" title="<?=gettext("Edit this server configuration");?>"/>
<?php if ($v['bind_to'] <> "all") : ?>
<input type="image" name="del_libhtp_policy[]" value="<?=$f;?>" onclick="document.getElementById('eng_id').value='<?=$f;?>';return confirm('Are you sure you want to delete this entry?');"
src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" width="17" height="17" border="0"
@@ -338,23 +517,6 @@ include_once("head.inc");
</div>
</td></tr></table>
</form>
-<script type="text/javascript">
-function wopen(url, name, w, h)
-{
- // Fudge factors for window decoration space.
- // In my tests these work well on all platforms & browsers.
- w += 32;
- h += 96;
- var win = window.open(url,
- name,
- 'width=' + w + ', height=' + h + ', ' +
- 'location=no, menubar=no, ' +
- 'status=no, toolbar=no, scrollbars=yes, resizable=yes');
- win.resizeTo(w, h);
- win.focus();
-}
-
-</script>
<?php include("fend.inc"); ?>
</body>
</html>
diff --git a/config/suricata/suricata_flow_stream.php b/config/suricata/suricata_flow_stream.php
index 6d5134c3..6c081fa8 100644
--- a/config/suricata/suricata_flow_stream.php
+++ b/config/suricata/suricata_flow_stream.php
@@ -84,17 +84,111 @@ if (isset($id) && $a_nat[$id]) {
$pconfig['host_os_policy'] = $a_nat[$id]['host_os_policy'];
}
-// Check for "import alias mode" and set flag if TRUE
+// Check for "import or select alias mode" and set flags if TRUE.
+// "selectalias", when true, displays radio buttons to limit
+// multiple selections.
if ($_POST['import_alias']) {
$importalias = true;
+ $selectalias = false;
$title = "Host Operating System Policy";
}
-else
- $importalias = false;
+elseif ($_POST['select_alias']) {
+ $importalias = true;
+ $selectalias = true;
+ $title = "Host Operating System Policy";
+
+ // Preserve current OS Policy Engine settings
+ $eng_id = $_POST['eng_id'];
+ $eng_name = $_POST['policy_name'];
+ $eng_bind = $_POST['policy_bind_to'];
+ $eng_policy = $_POST['policy'];
+ $mode = "add_edit_os_policy";
+}
+
+if ($_POST['save_os_policy']) {
+ if ($_POST['eng_id'] != "") {
+ $eng_id = $_POST['eng_id'];
+
+ // Grab all the POST values and save in new temp array
+ $engine = array();
+ $policy_name = trim($_POST['policy_name']);
+ if ($policy_name) {
+ $engine['name'] = $policy_name;
+ }
+ else {
+ $input_errors[] = gettext("The 'Policy Name' value cannot be blank.");
+ $add_edit_os_policy = true;
+ }
+ if ($_POST['policy_bind_to']) {
+ if (is_alias($_POST['policy_bind_to']))
+ $engine['bind_to'] = $_POST['policy_bind_to'];
+ elseif (strtolower(trim($_POST['policy_bind_to'])) == "all")
+ $engine['bind_to'] = "all";
+ else {
+ $input_errors[] = gettext("You must provide a valid Alias or the reserved keyword 'all' for the 'Bind-To IP Address' value.");
+ $add_edit_os_policy = true;
+ }
+ }
+ else {
+ $input_errors[] = gettext("The 'Bind-To IP Address' value cannot be blank. Provide a valid Alias or the reserved keyword 'all'.");
+ $add_edit_os_policy = true;
+ }
+
+ if ($_POST['policy']) { $engine['policy'] = $_POST['policy']; } else { $engine['policy'] = "bsd"; }
+
+ // Can only have one "all" Bind_To address
+ if ($engine['bind_to'] == "all" && $engine['name'] <> "default") {
+ $input_errors[] = gettext("Only one default OS-Policy Engine can be bound to all addresses.");
+ $add_edit_os_policy = true;
+ $pengcfg = $engine;
+ }
+
+ // if no errors, write new entry to conf
+ if (!$input_errors) {
+ if (isset($eng_id) && $a_nat[$id]['host_os_policy']['item'][$eng_id]) {
+ $a_nat[$id]['host_os_policy']['item'][$eng_id] = $engine;
+ }
+ else
+ $a_nat[$id]['host_os_policy']['item'][] = $engine;
+
+ /* Reorder the engine array to ensure the */
+ /* 'bind_to=all' entry is at the bottom */
+ /* if it contains more than one entry. */
+ if (count($a_nat[$id]['host_os_policy']['item']) > 1) {
+ $i = -1;
+ foreach ($a_nat[$id]['host_os_policy']['item'] as $f => $v) {
+ if ($v['bind_to'] == "all") {
+ $i = $f;
+ break;
+ }
+ }
+ /* Only relocate the entry if we */
+ /* found it, and it's not already */
+ /* at the end. */
+ if ($i > -1 && ($i < (count($a_nat[$id]['host_os_policy']['item']) - 1))) {
+ $tmp = $a_nat[$id]['host_os_policy']['item'][$i];
+ unset($a_nat[$id]['host_os_policy']['item'][$i]);
+ $a_nat[$id]['host_os_policy']['item'][] = $tmp;
+ }
+ }
-if ($_POST['add_os_policy']) {
- header("Location: suricata_os_policy_engine.php?id={$id}&eng_id={$host_os_policy_engine_next_id}");
- exit;
+ // Now write the new engine array to conf
+ write_config();
+ $pconfig['host_os_policy']['item'] = $a_nat[$id]['host_os_policy']['item'];
+ }
+ }
+}
+elseif ($_POST['add_os_policy']) {
+ $add_edit_os_policy = true;
+ $pengcfg = array( "name" => "engine_{$host_os_policy_engine_next_id}", "bind_to" => "", "policy" => "bsd" );
+ $eng_id = $host_os_policy_engine_next_id;
+}
+elseif ($_POST['edit_os_policy']) {
+ if ($_POST['eng_id'] != "") {
+ $add_edit_os_policy = true;
+ $eng_id = $_POST['eng_id'];
+ $pengcfg = $a_nat[$id]['host_os_policy']['item'][$eng_id];
+ }
}
elseif ($_POST['del_os_policy']) {
$natent = array();
@@ -109,6 +203,9 @@ elseif ($_POST['del_os_policy']) {
write_config();
}
}
+elseif ($_POST['cancel_os_policy']) {
+ $add_edit_os_policy = false;
+}
elseif ($_POST['ResetAll']) {
/* Reset all the settings to defaults */
@@ -223,52 +320,97 @@ elseif ($_POST['save']) {
}
}
elseif ($_POST['save_import_alias']) {
- $engine = array( "name" => "", "bind_to" => "", "policy" => "bsd" );
-
- // See if anything was checked to import
- if (is_array($_POST['aliastoimport']) && count($_POST['aliastoimport']) > 0) {
- foreach ($_POST['aliastoimport'] as $item) {
- $engine['name'] = strtolower($item);
- $engine['bind_to'] = $item;
- $a_nat[$id]['host_os_policy']['item'][] = $engine;
+ // If saving out of "select alias" mode,
+ // then return to Host OS Policy Engine edit
+ // page.
+ if ($_POST['mode'] =='add_edit_os_policy') {
+ $pengcfg = array();
+ $eng_id = $_POST['eng_id'];
+ $pengcfg['name'] = $_POST['eng_name'];
+ $pengcfg['bind_to'] = $_POST['eng_bind'];
+ $pengcfg['policy'] = $_POST['eng_policy'];
+ $add_edit_os_policy = true;
+ $mode = "add_edit_os_policy";
+
+ if (is_array($_POST['aliastoimport']) && count($_POST['aliastoimport']) == 1) {
+ $pengcfg['bind_to'] = $_POST['aliastoimport'][0];
+ $importalias = false;
+ $selectalias = false;
+ }
+ else {
+ $input_errors[] = gettext("No Alias is selected for import. Nothing to SAVE.");
+ $importalias = true;
+ $selectalias = true;
+ $eng_id = $_POST['eng_id'];
+ $eng_name = $_POST['eng_name'];
+ $eng_bind = $_POST['eng_bind'];
+ $eng_policy = $_POST['eng_policy'];
}
}
else {
- $input_errors[] = gettext("No entries were selected for import. Please select one or more Aliases for import and click SAVE.");
- $importalias = true;
- }
+ // Assume we are importing one or more aliases
+ // for use in new Host OS Policy engines.
+ $engine = array( "name" => "", "bind_to" => "", "policy" => "bsd" );
+
+ // See if anything was checked to import
+ if (is_array($_POST['aliastoimport']) && count($_POST['aliastoimport']) > 0) {
+ foreach ($_POST['aliastoimport'] as $item) {
+ $engine['name'] = strtolower($item);
+ $engine['bind_to'] = $item;
+ $a_nat[$id]['host_os_policy']['item'][] = $engine;
+ }
+ }
+ else {
+ $input_errors[] = gettext("No entries were selected for import. Please select one or more Aliases for import and click SAVE.");
+ $importalias = true;
+ }
- // if no errors, write new entry to conf
- if (!$input_errors) {
- // Reorder the engine array to ensure the
- // 'bind_to=all' entry is at the bottom if
- // the array contains more than one entry.
- if (count($a_nat[$id]['host_os_policy']['item']) > 1) {
- $i = -1;
- foreach ($a_nat[$id]['host_os_policy']['item'] as $f => $v) {
- if ($v['bind_to'] == "all") {
- $i = $f;
- break;
+ // if no errors, write new entry to conf
+ if (!$input_errors) {
+ // Reorder the engine array to ensure the
+ // 'bind_to=all' entry is at the bottom if
+ // the array contains more than one entry.
+ if (count($a_nat[$id]['host_os_policy']['item']) > 1) {
+ $i = -1;
+ foreach ($a_nat[$id]['host_os_policy']['item'] as $f => $v) {
+ if ($v['bind_to'] == "all") {
+ $i = $f;
+ break;
+ }
}
+ // Only relocate the entry if we
+ // found it, and it's not already
+ // at the end.
+ if ($i > -1 && ($i < (count($a_nat[$id]['host_os_policy']['item']) - 1))) {
+ $tmp = $a_nat[$id]['host_os_policy']['item'][$i];
+ unset($a_nat[$id]['host_os_policy']['item'][$i]);
+ $a_nat[$id]['host_os_policy']['item'][] = $tmp;
+ }
+ $pconfig['host_os_policy']['item'] = $a_nat[$id]['host_os_policy']['item'];
}
- // Only relocate the entry if we
- // found it, and it's not already
- // at the end.
- if ($i > -1 && ($i < (count($a_nat[$id]['host_os_policy']['item']) - 1))) {
- $tmp = $a_nat[$id]['host_os_policy']['item'][$i];
- unset($a_nat[$id]['host_os_policy']['item'][$i]);
- $a_nat[$id]['host_os_policy']['item'][] = $tmp;
- }
- $pconfig['host_os_policy']['item'] = $a_nat[$id]['host_os_policy']['item'];
- }
- // Write the new engine array to config file
- write_config();
- $importalias = false;
+ // Write the new engine array to config file
+ write_config();
+ $importalias = false;
+ $selectalias = false;
+ }
}
}
elseif ($_POST['cancel_import_alias']) {
$importalias = false;
+ $selectalias = false;
+ $eng_id = $_POST['eng_id'];
+
+ // If cancelling out of "select alias" mode,
+ // then return to Host OS Policy Engine edit
+ // page.
+ if ($_POST['mode'] == 'add_edit_os_policy') {
+ $pengcfg = array();
+ $pengcfg['name'] = $_POST['eng_name'];
+ $pengcfg['bind_to'] = $_POST['eng_bind'];
+ $pengcfg['policy'] = $_POST['eng_policy'];
+ $add_edit_os_policy = true;
+ }
}
$if_friendly = convert_friendly_interface_to_friendly_descr($pconfig['interface']);
@@ -289,7 +431,7 @@ include_once("head.inc");
?>
<form action="suricata_flow_stream.php" method="post" name="iform" id="iform">
-<input type="hidden" name="eng_id" id="eng_id" value=""/>
+<input type="hidden" name="eng_id" id="eng_id" value="<?=$eng_id;?>"/>
<input type="hidden" name="id" id="id" value="<?=$id;?>"/>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
@@ -320,7 +462,17 @@ include_once("head.inc");
<tr><td><div id="mainarea">
<?php if ($importalias) : ?>
- <?php include("/usr/local/www/suricata/suricata_import_aliases.php"); ?>
+ <?php include("/usr/local/www/suricata/suricata_import_aliases.php");
+ if ($selectalias) {
+ echo '<input type="hidden" name="eng_name" value="' . $eng_name . '"/>';
+ echo '<input type="hidden" name="eng_bind" value="' . $eng_bind . '"/>';
+ echo '<input type="hidden" name="eng_policy" value="' . $eng_policy . '"/>';
+ }
+ ?>
+
+<?php elseif ($add_edit_os_policy) : ?>
+ <?php include("/usr/local/www/suricata/suricata_os_policy_engine.php"); ?>
+
<?php else: ?>
<table id="maintable" class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0">
@@ -350,9 +502,9 @@ include_once("head.inc");
<tr>
<td class="listlr" align="left"><?=gettext($v['name']);?></td>
<td class="listbg" align="center"><?=gettext($v['bind_to']);?></td>
- <td class="listt" align="right"><a href="suricata_os_policy_engine.php?id=<?=$id;?>&eng_id=<?=$f;?>">
- <img src="/themes/<?=$g['theme'];?>/images/icons/icon_e.gif"
- width="17" height="17" border="0" title="<?=gettext("Edit this policy configuration");?>"></a>
+ <td class="listt" align="right"><input type="image" name="edit_os_policy[]" value="<?=$f;?>" onclick="document.getElementById('eng_id').value='<?=$f;?>'"
+ src="/themes/<?=$g['theme'];?>/images/icons/icon_e.gif"
+ width="17" height="17" border="0" title="<?=gettext("Edit this policy configuration");?>"/>
<?php if ($v['bind_to'] <> "all") : ?>
<input type="image" name="del_os_policy[]" value="<?=$f;?>" onclick="document.getElementById('eng_id').value='<?=$f;?>';return confirm('Are you sure you want to delete this entry?');"
src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" width="17" height="17" border="0"
@@ -677,24 +829,6 @@ include_once("head.inc");
</div>
</td></tr></table>
</form>
-<script type="text/javascript">
-
-function wopen(url, name, w, h)
-{
- // Fudge factors for window decoration space.
- // In my tests these work well on all platforms & browsers.
- w += 32;
- h += 96;
- var win = window.open(url,
- name,
- 'width=' + w + ', height=' + h + ', ' +
- 'location=no, menubar=no, ' +
- 'status=no, toolbar=no, scrollbars=yes, resizable=yes');
- win.resizeTo(w, h);
- win.focus();
-}
-
-</script>
<?php include("fend.inc"); ?>
</body>
</html>
diff --git a/config/suricata/suricata_import_aliases.php b/config/suricata/suricata_import_aliases.php
index a93d2d64..ccaaf29d 100644
--- a/config/suricata/suricata_import_aliases.php
+++ b/config/suricata/suricata_import_aliases.php
@@ -39,6 +39,8 @@
$a_aliases --> $config['aliases']['alias'] array
$title --> title string for import alias engine type
$used --> array of currently used engine 'bind_to' Alias names
+ $selectalias --> boolean to display radio buttons instead of checkboxes
+ $mode --> string value to indicate current operation mode
Information is returned from this page via the following form fields:
@@ -51,11 +53,21 @@
<?php $selectablealias = false;
if (!is_array($a_aliases))
$a_aliases = array();
+ if ($mode <> "")
+ echo '<input type="hidden" name="mode" id="mode" value="' . $mode . '"/>';
+ if ($selectalias == true) {
+ $fieldtype = "radio";
+ $header = gettext("Select an Alias to use as {$title} target from the list below.");
+ }
+ else {
+ $fieldtype = "checkbox";
+ $header = gettext("Select one or more Aliases to use as {$title} targets from the list below.");
+ }
?>
+
<table id="maintable" class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0">
<tr>
- <td class="listtopic" align="center"><?=gettext("Select one or more Aliases to use as {$title} targets from the list below.");?>
- </td>
+ <td class="listtopic" align="center"><?=$header;?></td>
</tr>
<tr>
<td>
@@ -99,7 +111,7 @@
<td class="listlr" align="center"><img src="../themes/<?=$g['theme'];?>/images/icons/icon_block_d.gif" width="11" height"11" border="0"/>
<?php else: ?>
<tr>
- <td class="listlr" align="center"><input type="checkbox" name="aliastoimport[]" value="<?=htmlspecialchars($alias['name']);?>" title="<?=$tooltip;?>"/></td>
+ <td class="listlr" align="center"><input type="<?=$fieldtype;?>" name="aliastoimport[]" value="<?=htmlspecialchars($alias['name']);?>" title="<?=$tooltip;?>"/></td>
<?php endif; ?>
<td class="listr" align="left"><?=$textss . htmlspecialchars($alias['name']) . $textse;?></td>
<td class="listr" align="left">
diff --git a/config/suricata/suricata_libhtp_policy_engine.php b/config/suricata/suricata_libhtp_policy_engine.php
index ec00bbb2..01f6b9e8 100644
--- a/config/suricata/suricata_libhtp_policy_engine.php
+++ b/config/suricata/suricata_libhtp_policy_engine.php
@@ -26,160 +26,33 @@
* POSSIBILITY OF SUCH DAMAGE.
*/
-require_once("guiconfig.inc");
-require_once("/usr/local/pkg/suricata/suricata.inc");
-
-global $g;
-
-// Grab the incoming QUERY STRING or POST variables
-$id = $_GET['id'];
-$eng_id = $_GET['eng_id'];
-if (isset($_POST['id']))
- $id = $_POST['id'];
-if (isset($_POST['eng_id']))
- $eng_id = $_POST['eng_id'];
-
-if (is_null($id)) {
- header("Location: /suricata/suricata_interfaces.php");
- exit;
-}
-if (is_null($eng_id)) {
- header("Location: /suricata/suricata_app_parsers.php?id={$id}");
- exit;
-}
-
-if (!is_array($config['installedpackages']['suricata']['rule']))
- $config['installedpackages']['suricata']['rule'] = array();
-if (!is_array($config['installedpackages']['suricata']['rule'][$id]['libhtp_policy']['item']))
- $config['installedpackages']['suricata']['rule'][$id]['libhtp_policy']['item'] = array();
-$a_nat = &$config['installedpackages']['suricata']['rule'][$id]['libhtp_policy']['item'];
-
-$pconfig = array();
-if (empty($a_nat[$eng_id])) {
- $def = array( "name" => "engine_{$eng_id}", "bind_to" => "", "personality" => "IDS",
- "request-body-limit" => "4096", "response-body-limit" => "4096",
- "double-decode-path" => "no", "double-decode-query" => "no" );
-
- // See if this is initial entry and set to "default" if true
- if ($eng_id < 1) {
- $def['name'] = "default";
- $def['bind_to'] = "all";
- }
- $pconfig = $def;
-}
-else {
- $pconfig = $a_nat[$eng_id];
-
- // Check for any empty values and set sensible defaults
- if (empty($pconfig['personality']))
- $pconfig['personality'] = "IDS";
-}
-
-if ($_POST['cancel']) {
- header("Location: /suricata/suricata_app_parsers.php?id={$id}");
- exit;
-}
-
-// Check for returned "selected alias" if action is import
-if ($_GET['act'] == "import") {
- if ($_GET['varname'] == "bind_to" && !empty($_GET['varvalue']))
- $pconfig[$_GET['varname']] = $_GET['varvalue'];
-}
-
-if ($_POST['save']) {
-
- /* Grab all the POST values and save in new temp array */
- $engine = array();
- if ($_POST['policy_name']) { $engine['name'] = trim($_POST['policy_name']); } else { $engine['name'] = "default"; }
- if ($_POST['policy_bind_to']) {
- if (is_alias($_POST['policy_bind_to']))
- $engine['bind_to'] = $_POST['policy_bind_to'];
- elseif (strtolower(trim($_POST['policy_bind_to'])) == "all")
- $engine['bind_to'] = "all";
- else
- $input_errors[] = gettext("You must provide a valid Alias or the reserved keyword 'all' for the 'Bind-To IP Address' value.");
- }
- else {
- $input_errors[] = gettext("The 'Bind-To IP Address' value cannot be blank. Provide a valid Alias or the reserved keyword 'all'.");
- }
-
- if ($_POST['personality']) { $engine['personality'] = $_POST['personality']; } else { $engine['personality'] = "IDS"; }
- if (is_numeric($_POST['req_body_limit']) && $_POST['req_body_limit'] >= 0)
- $engine['request-body-limit'] = $_POST['req_body_limit'];
- else
- $input_errors[] = gettext("The value for 'Request Body Limit' must be all numbers and greater than or equal to zero.");
-
- if (is_numeric($_POST['resp_body_limit']) && $_POST['resp_body_limit'] >= 0)
- $engine['response-body-limit'] = $_POST['resp_body_limit'];
- else
- $input_errors[] = gettext("The value for 'Response Body Limit' must be all numbers and greater than or equal to zero.");
-
- if ($_POST['enable_double_decode_path']) { $engine['double-decode-path'] = 'yes'; }else{ $engine['double-decode-path'] = 'no'; }
- if ($_POST['enable_double_decode_query']) { $engine['double-decode-query'] = 'yes'; }else{ $engine['double-decode-query'] = 'no'; }
-
- /* Can only have one "all" Bind_To address */
- if ($engine['bind_to'] == "all" && $engine['name'] <> "default") {
- $input_errors[] = gettext("Only one default HTTP Server Policy Engine can be bound to all addresses.");
- $pconfig = $engine;
- }
-
- /* if no errors, write new entry to conf */
- if (!$input_errors) {
- if (isset($eng_id) && $a_nat[$eng_id]) {
- $a_nat[$eng_id] = $engine;
- }
- else
- $a_nat[] = $engine;
-
- /* Reorder the engine array to ensure the */
- /* 'bind_to=all' entry is at the bottom */
- /* if it contains more than one entry. */
- if (count($a_nat) > 1) {
- $i = -1;
- foreach ($a_nat as $f => $v) {
- if ($v['bind_to'] == "all") {
- $i = $f;
- break;
- }
- }
- /* Only relocate the entry if we */
- /* found it, and it's not already */
- /* at the end. */
- if ($i > -1 && ($i < (count($a_nat) - 1))) {
- $tmp = $a_nat[$i];
- unset($a_nat[$i]);
- $a_nat[] = $tmp;
- }
- }
-
- /* Now write the new engine array to conf */
- write_config();
-
- header("Location: /suricata/suricata_app_parsers.php?id={$id}");
- exit;
- }
-}
-
-$if_friendly = convert_friendly_interface_to_friendly_descr($config['installedpackages']['suricata']['rule'][$id]['interface']);
-$pgtitle = gettext("Suricata: Interface {$if_friendly} HTTP Server Policy Engine");
-include_once("head.inc");
-
-?>
-
-<body link="#0000CC" vlink="#0000CC" alink="#0000CC" >
-
-<?php
-include("fbegin.inc");
-if ($input_errors) print_input_errors($input_errors);
-if ($savemsg)
- print_info_box($savemsg);
+/**************************************************************************************
+ This file contains code for adding/editing an existing Libhtp Policy Engine.
+ It is included and injected inline as needed into the suricata_app_parsers.php
+ page to provide the edit functionality for Host OS Policy Engines.
+
+ The following variables are assumed to exist and must be initialized
+ as necessary in order to utilize this page.
+
+ $g --> system global variables array
+ $config --> global variable pointing to configuration information
+ $pengcfg --> array containing current Libhtp Policy engine configuration
+
+ Information is returned from this page via the following form fields:
+
+ policy_name --> Unique Name for the Libhtp Policy Engine
+ policy_bind_to --> Alias name representing "bind_to" IP address for engine
+ personality --> Operating system chosen for engine policy
+ select_alias --> Submit button for select alias operation
+ req_body_limit --> Request Body Limit size
+ resp_body_limit --> Response Body Limit size
+ enable_double_decode_path --> double-decode path part of URI
+ enable_double_decode_query --> double-decode query string part of URI
+ save_libhtp_policy --> Submit button for save operation and exit
+ cancel_libhtp_policy --> Submit button to cancel operation and exit
+ **************************************************************************************/
?>
-<form action="suricata_libhtp_policy_engine.php" method="post" name="iform" id="iform">
-<input name="id" type="hidden" value="<?=$id?>">
-<input name="eng_id" type="hidden" value="<?=$eng_id?>">
-<div id="boxarea">
-<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td class="tabcont">
<table width="100%" border="0" cellpadding="6" cellspacing="0">
@@ -190,8 +63,8 @@ if ($savemsg)
<td valign="top" class="vncell"><?php echo gettext("Engine Name"); ?></td>
<td class="vtable">
<input name="policy_name" type="text" class="formfld unknown" id="policy_name" size="25" maxlength="25"
- value="<?=htmlspecialchars($pconfig['name']);?>"<?php if (htmlspecialchars($pconfig['name']) == "default") echo "readonly";?>>&nbsp;
- <?php if (htmlspecialchars($pconfig['name']) <> "default")
+ value="<?=htmlspecialchars($pengcfg['name']);?>"<?php if (htmlspecialchars($pengcfg['name']) == "default") echo "readonly";?>>&nbsp;
+ <?php if (htmlspecialchars($pengcfg['name']) <> "default")
echo gettext("Name or description for this engine. (Max 25 characters)");
else
echo "<span class=\"red\">" . gettext("The name for the 'default' engine is read-only.") . "</span>";?><br/>
@@ -202,13 +75,13 @@ if ($savemsg)
<tr>
<td valign="top" class="vncell"><?php echo gettext("Bind-To IP Address Alias"); ?></td>
<td class="vtable">
- <?php if ($pconfig['name'] <> "default") : ?>
+ <?php if ($pengcfg['name'] <> "default") : ?>
<table width="95%" border="0" cellpadding="2" cellspacing="0">
<tr>
<td class="vexpl"><input name="policy_bind_to" type="text" class="formfldalias" id="policy_bind_to" size="32"
- value="<?=htmlspecialchars($pconfig['bind_to']);?>" title="<?=trim(filter_expand_alias($pconfig['bind_to']));?>" autocomplete="off">&nbsp;
+ value="<?=htmlspecialchars($pengcfg['bind_to']);?>" title="<?=trim(filter_expand_alias($pengcfg['bind_to']));?>" autocomplete="off">&nbsp;
<?php echo gettext("IP List to bind this engine to. (Cannot be blank)"); ?></td>
- <td class="vexpl" align="right"><input type="button" class="formbtns" value="Aliases" onclick="parent.location='suricata_select_alias.php?id=<?=$id;?>&eng_id=<?=$eng_id;?>&type=host|network&varname=bind_to&act=import&multi_ip=yes&returl=<?=urlencode($_SERVER['PHP_SELF']);?>'"
+ <td class="vexpl" align="right"><input type="submit" class="formbtns" name="select_alias" value="Aliases"
title="<?php echo gettext("Select an existing IP alias");?>"/></td>
</tr>
<tr>
@@ -218,7 +91,7 @@ if ($savemsg)
<br/><span class="red"><strong><?php echo gettext("Note: ") . "</strong></span>" . gettext("Supplied value must be a pre-configured Alias or the keyword 'all'.");?>
<?php else : ?>
<input name="policy_bind_to" type="text" class="formfldalias" id="policy_bind_to" size="32"
- value="<?=htmlspecialchars($pconfig['bind_to']);?>" autocomplete="off" readonly>&nbsp;
+ value="<?=htmlspecialchars($pengcfg['bind_to']);?>" autocomplete="off" readonly>&nbsp;
<?php echo "<span class=\"red\">" . gettext("IP List for the default engine is read-only and must be 'all'.") . "</span>";?><br/>
<?php echo gettext("The default engine is required and will apply for packets with destination addresses not matching other engine IP Lists.");?><br/>
<?php endif ?>
@@ -232,7 +105,7 @@ if ($savemsg)
$profile = array( 'Apache', 'Apache_2_2', 'Generic', 'IDS', 'IIS_4_0', 'IIS_5_0', 'IIS_5_1', 'IIS_6_0', 'IIS_7_0', 'IIS_7_5', 'Minimal' );
foreach ($profile as $val): ?>
<option value="<?=$val;?>"
- <?php if ($val == $pconfig['personality']) echo "selected"; ?>>
+ <?php if ($val == $pengcfg['personality']) echo "selected"; ?>>
<?=gettext($val);?></option>
<?php endforeach; ?>
</select>&nbsp;&nbsp;<?php echo gettext("Choose the web server personality appropriate for the protected hosts. The default is ") .
@@ -247,7 +120,7 @@ if ($savemsg)
<td width="22%" valign="top" class="vncell"><?php echo gettext("Request Body Limit"); ?></td>
<td width="78%" class="vtable">
<input name="req_body_limit" type="text" class="formfld unknown" id="req_body_limit" size="9"
- value="<?=htmlspecialchars($pconfig['request-body-limit']);?>">&nbsp;
+ value="<?=htmlspecialchars($pengcfg['request-body-limit']);?>">&nbsp;
<?php echo gettext("Maximum number of HTTP request body bytes to inspect. Default is ") .
"<strong>" . gettext("4,096") . "</strong>" . gettext(" bytes."); ?><br/><br/>
<?php echo gettext("HTTP request bodies are often big, so they take a lot of time to process which has a significant impact ") .
@@ -259,7 +132,7 @@ if ($savemsg)
<td width="22%" valign="top" class="vncell"><?php echo gettext("Response Body Limit"); ?></td>
<td width="78%" class="vtable">
<input name="resp_body_limit" type="text" class="formfld unknown" id="resp_body_limit" size="9"
- value="<?=htmlspecialchars($pconfig['response-body-limit']);?>">&nbsp;
+ value="<?=htmlspecialchars($pengcfg['response-body-limit']);?>">&nbsp;
<?php echo gettext("Maximum number of HTTP response body bytes to inspect. Default is ") .
"<strong>" . gettext("4,096") . "</strong>" . gettext(" bytes."); ?><br/><br/>
<?php echo gettext("HTTP response bodies are often big, so they take a lot of time to process which has a significant impact ") .
@@ -272,31 +145,27 @@ if ($savemsg)
</tr>
<tr>
<td width="22%" valign="top" class="vncell"><?php echo gettext("Double-Decode Path"); ?></td>
- <td width="78%" class="vtable"><input name="enable_double_decode_path" type="checkbox" value="on" <?php if ($pconfig['double-decode-path'] == "yes") echo "checked"; ?>>
+ <td width="78%" class="vtable"><input name="enable_double_decode_path" type="checkbox" value="yes" <?php if ($pengcfg['double-decode-path'] == "yes") echo "checked"; ?>>
<?php echo gettext("Suricata will double-decode path section of the URI. Default is ") . "<strong>" . gettext("Not Checked") . "</strong>."; ?></td>
</tr>
<tr>
<td width="22%" valign="top" class="vncell"><?php echo gettext("Double-Decode Query"); ?></td>
- <td width="78%" class="vtable"><input name="enable_double_decode_query" type="checkbox" value="on" <?php if ($pconfig['double-decode-query'] == "yes") echo "checked"; ?>>
+ <td width="78%" class="vtable"><input name="enable_double_decode_query" type="checkbox" value="yes" <?php if ($pengcfg['double-decode-query'] == "yes") echo "checked"; ?>>
<?php echo gettext("Suricata will double-decode query string section of the URI. Default is ") . "<strong>" . gettext("Not Checked") . "</strong>."; ?></td>
</tr>
<tr>
<td width="22%" valign="bottom">&nbsp;</td>
<td width="78%" valign="bottom">
- <input name="save" id="save" type="submit" class="formbtn" value=" Save " title="<?php echo
+ <input name="save_libhtp_policy" id="save_libhtp_policy" type="submit" class="formbtn" value=" Save " title="<?php echo
gettext("Save web server policy engine settings and return to App Parsers tab"); ?>">
&nbsp;&nbsp;&nbsp;&nbsp;
- <input name="cancel" id="cancel" type="submit" class="formbtn" value="Cancel" title="<?php echo
+ <input name="cancel_libhtp_policy" id="cancel_libhtp_policy" type="submit" class="formbtn" value="Cancel" title="<?php echo
gettext("Cancel changes and return to App Parsers tab"); ?>"></td>
</tr>
</table>
</td>
</tr>
-</table>
-</div>
-</form>
-<?php include("fend.inc"); ?>
-</body>
+
<script type="text/javascript" src="/javascript/autosuggest.js">
</script>
<script type="text/javascript" src="/javascript/suggestions.js">
@@ -315,4 +184,3 @@ setTimeout("createAutoSuggest();", 500);
</script>
-</html>
diff --git a/config/suricata/suricata_os_policy_engine.php b/config/suricata/suricata_os_policy_engine.php
index ae5a9348..ea539e92 100644
--- a/config/suricata/suricata_os_policy_engine.php
+++ b/config/suricata/suricata_os_policy_engine.php
@@ -26,157 +26,41 @@
* POSSIBILITY OF SUCH DAMAGE.
*/
-require_once("guiconfig.inc");
-require_once("/usr/local/pkg/suricata/suricata.inc");
-
-global $g;
-
-// Grab the incoming QUERY STRING or POST variables
-$id = $_GET['id'];
-$eng_id = $_GET['eng_id'];
-if (isset($_POST['id']))
- $id = $_POST['id'];
-if (isset($_POST['eng_id']))
- $eng_id = $_POST['eng_id'];
-
-if (is_null($id)) {
- header("Location: /suricata/suricata_interfaces.php");
- exit;
-}
-if (is_null($eng_id)) {
- header("Location: /suricata/suricata_flow_stream.php?id={$id}");
- exit;
-}
-
-if (!is_array($config['installedpackages']['suricata']['rule']))
- $config['installedpackages']['suricata']['rule'] = array();
-if (!is_array($config['installedpackages']['suricata']['rule'][$id]['host_os_policy']['item']))
- $config['installedpackages']['suricata']['rule'][$id]['host_os_policy']['item'] = array();
-$a_nat = &$config['installedpackages']['suricata']['rule'][$id]['host_os_policy']['item'];
-
-$pconfig = array();
-if (empty($a_nat[$eng_id])) {
- $def = array( "name" => "engine_{$eng_id}", "bind_to" => "", "policy" => "bsd" );
- // See if this is initial entry and set to "default" if true
- if ($eng_id < 1) {
- $def['name'] = "default";
- $def['bind_to'] = "all";
- }
- $pconfig = $def;
-}
-else {
- $pconfig = $a_nat[$eng_id];
-
- // Check for any empty values and set sensible defaults
- if (empty($pconfig['policy']))
- $pconfig['policy'] = "bsd";
-}
-
-if ($_POST['cancel']) {
- header("Location: /suricata/suricata_flow_stream.php?id={$id}");
- exit;
-}
-
-// Check for returned "selected alias" if action is import
-if ($_GET['act'] == "import") {
- if ($_GET['varname'] == "bind_to" && !empty($_GET['varvalue']))
- $pconfig[$_GET['varname']] = $_GET['varvalue'];
-}
-
-if ($_POST['save']) {
-
- /* Grab all the POST values and save in new temp array */
- $engine = array();
- if ($_POST['policy_name']) { $engine['name'] = trim($_POST['policy_name']); } else { $engine['name'] = "default"; }
- if ($_POST['policy_bind_to']) {
- if (is_alias($_POST['policy_bind_to']))
- $engine['bind_to'] = $_POST['policy_bind_to'];
- elseif (strtolower(trim($_POST['policy_bind_to'])) == "all")
- $engine['bind_to'] = "all";
- else
- $input_errors[] = gettext("You must provide a valid Alias or the reserved keyword 'all' for the 'Bind-To IP Address' value.");
- }
- else {
- $input_errors[] = gettext("The 'Bind-To IP Address' value cannot be blank. Provide a valid Alias or the reserved keyword 'all'.");
- }
-
- if ($_POST['policy']) { $engine['policy'] = $_POST['policy']; } else { $engine['policy'] = "bsd"; }
-
- /* Can only have one "all" Bind_To address */
- if ($engine['bind_to'] == "all" && $engine['name'] <> "default") {
- $input_errors[] = gettext("Only one default OS-Policy Engine can be bound to all addresses.");
- $pconfig = $engine;
- }
-
- /* if no errors, write new entry to conf */
- if (!$input_errors) {
- if (isset($eng_id) && $a_nat[$eng_id]) {
- $a_nat[$eng_id] = $engine;
- }
- else
- $a_nat[] = $engine;
-
- /* Reorder the engine array to ensure the */
- /* 'bind_to=all' entry is at the bottom */
- /* if it contains more than one entry. */
- if (count($a_nat) > 1) {
- $i = -1;
- foreach ($a_nat as $f => $v) {
- if ($v['bind_to'] == "all") {
- $i = $f;
- break;
- }
- }
- /* Only relocate the entry if we */
- /* found it, and it's not already */
- /* at the end. */
- if ($i > -1 && ($i < (count($a_nat) - 1))) {
- $tmp = $a_nat[$i];
- unset($a_nat[$i]);
- $a_nat[] = $tmp;
- }
- }
-
- /* Now write the new engine array to conf */
- write_config();
-
- header("Location: /suricata/suricata_flow_stream.php?id={$id}");
- exit;
- }
-}
-
-$if_friendly = convert_friendly_interface_to_friendly_descr($config['installedpackages']['suricata']['rule'][$id]['interface']);
-$pgtitle = gettext("Suricata: Interface {$if_friendly} Operating System Policy Engine");
-include_once("head.inc");
-
+/**************************************************************************************
+ This file contains code for adding/editing an existing Host OS Policy Engine.
+ It is included and injected inline as needed into the suricata_stream_flow.php
+ page to provide the edit functionality for Host OS Policy Engines.
+
+ The following variables are assumed to exist and must be initialized
+ as necessary in order to utilize this page.
+
+ $g --> system global variables array
+ $config --> global variable pointing to configuration information
+ $pengcfg --> array containing current Host OS Policy engine configuration
+
+ Information is returned from this page via the following form fields:
+
+ policy_name --> Unique Name for the Host OS Policy Engine
+ policy_bind_to --> Alias name representing "bind_to" IP address for engine
+ policy --> Operating system chosen for engine policy
+ select_alias --> Submit button for select alias operation
+ save_os_policy --> Submit button for save operation and exit
+ cancel_os_policy --> Submit button to cancel operation and exit
+ **************************************************************************************/
?>
-<body link="#0000CC" vlink="#0000CC" alink="#0000CC" >
-
-<?php
-include("fbegin.inc");
-if ($input_errors) print_input_errors($input_errors);
-if ($savemsg)
- print_info_box($savemsg);
-?>
-
-<form action="suricata_os_policy_engine.php" method="post" name="iform" id="iform">
-<input name="id" type="hidden" value="<?=$id?>">
-<input name="eng_id" type="hidden" value="<?=$eng_id?>">
-<div id="boxarea">
-<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td class="tabcont">
<table width="100%" border="0" cellpadding="6" cellspacing="0">
<tr>
- <td colspan="2" valign="middle" class="listtopic"><?php echo gettext("Suricata Target-Based OS Policy Engine Configuration"); ?></td>
+ <td colspan="2" align="center" class="listtopic"><?php echo gettext("Suricata Target-Based Host OS Policy Engine Configuration"); ?></td>
</tr>
<tr>
- <td valign="top" class="vncell"><?php echo gettext("Engine Name"); ?></td>
+ <td valign="top" class="vncell"><?php echo gettext("Policy Name"); ?></td>
<td class="vtable">
<input name="policy_name" type="text" class="formfld unknown" id="policy_name" size="25" maxlength="25"
- value="<?=htmlspecialchars($pconfig['name']);?>"<?php if (htmlspecialchars($pconfig['name']) == "default") echo "readonly";?>>&nbsp;
- <?php if (htmlspecialchars($pconfig['name']) <> "default")
+ value="<?=htmlspecialchars($pengcfg['name']);?>"<?php if (htmlspecialchars($pengcfg['name']) == "default") echo "readonly";?>/>&nbsp;
+ <?php if (htmlspecialchars($pengcfg['name']) <> "default")
echo gettext("Name or description for this engine. (Max 25 characters)");
else
echo "<span class=\"red\">" . gettext("The name for the 'default' engine is read-only.") . "</span>";?><br/>
@@ -187,13 +71,13 @@ if ($savemsg)
<tr>
<td valign="top" class="vncell"><?php echo gettext("Bind-To IP Address Alias"); ?></td>
<td class="vtable">
- <?php if ($pconfig['name'] <> "default") : ?>
+ <?php if ($pengcfg['name'] <> "default") : ?>
<table width="95%" border="0" cellpadding="2" cellspacing="0">
<tr>
<td class="vexpl"><input name="policy_bind_to" type="text" class="formfldalias" id="policy_bind_to" size="32"
- value="<?=htmlspecialchars($pconfig['bind_to']);?>" title="<?=trim(filter_expand_alias($pconfig['bind_to']));?>" autocomplete="off">&nbsp;
+ value="<?=htmlspecialchars($pengcfg['bind_to']);?>" title="<?=trim(filter_expand_alias($pengcfg['bind_to']));?>" autocomplete="off"/>&nbsp;
<?php echo gettext("IP List to bind this engine to. (Cannot be blank)"); ?></td>
- <td class="vexpl" align="right"><input type="button" class="formbtns" value="Aliases" onclick="parent.location='suricata_select_alias.php?id=<?=$id;?>&eng_id=<?=$eng_id;?>&type=host|network&varname=bind_to&act=import&multi_ip=yes&returl=<?=urlencode($_SERVER['PHP_SELF']);?>'"
+ <td class="vexpl" align="right"><input type="submit" class="formbtns" name="select_alias" value="Aliases"
title="<?php echo gettext("Select an existing IP alias");?>"/></td>
</tr>
<tr>
@@ -204,7 +88,7 @@ if ($savemsg)
&nbsp;&nbsp;&nbsp;&nbsp;
<?php else : ?>
<input name="policy_bind_to" type="text" class="formfldalias" id="policy_bind_to" size="32"
- value="<?=htmlspecialchars($pconfig['bind_to']);?>" autocomplete="off" readonly>&nbsp;
+ value="<?=htmlspecialchars($pengcfg['bind_to']);?>" autocomplete="off" readonly>&nbsp;
<?php echo "<span class=\"red\">" . gettext("IP List for the default engine is read-only and must be 'all'.") . "</span>";?><br/>
<?php echo gettext("The default engine is required and will apply for packets with destination addresses not matching other engine IP Lists.");?><br/>
<?php endif ?>
@@ -218,7 +102,7 @@ if ($savemsg)
$profile = array( 'BSD', 'BSD-Right', 'HPUX10', 'HPUX11', 'Irix', 'Linux', 'Mac-OS', 'Old-Linux', 'Old-Solaris', 'Solaris', 'Vista', 'Windows', 'Windows2k3' );
foreach ($profile as $val): ?>
<option value="<?=strtolower($val);?>"
- <?php if (strtolower($val) == $pconfig['policy']) echo "selected"; ?>>
+ <?php if (strtolower($val) == $pengcfg['policy']) echo "selected"; ?>>
<?=gettext($val);?></option>
<?php endforeach; ?>
</select>&nbsp;&nbsp;<?php echo gettext("Choose the OS target policy appropriate for the protected hosts. The default is ") .
@@ -229,20 +113,15 @@ if ($savemsg)
<tr>
<td width="22%" valign="bottom">&nbsp;</td>
<td width="78%" valign="bottom">
- <input name="save" id="save" type="submit" class="formbtn" value=" Save " title="<?php echo
+ <input name="save_os_policy" id="save_os_policy" type="submit" class="formbtn" value=" Save " title="<?php echo
gettext("Save OS policy engine settings and return to Flow/Stream tab"); ?>">
&nbsp;&nbsp;&nbsp;&nbsp;
- <input name="cancel" id="cancel" type="submit" class="formbtn" value="Cancel" title="<?php echo
+ <input name="cancel_os_policy" id="cancel_os_policy" type="submit" class="formbtn" value="Cancel" title="<?php echo
gettext("Cancel changes and return to Flow/Stream tab"); ?>"></td>
</tr>
</table>
</td>
</tr>
-</table>
-</div>
-</form>
-<?php include("fend.inc"); ?>
-</body>
<script type="text/javascript" src="/javascript/autosuggest.js">
</script>
<script type="text/javascript" src="/javascript/suggestions.js">
@@ -262,4 +141,3 @@ setTimeout("createAutoSuggest();", 500);
</script>
-</html>